You can configure the authentication method by configuring pi.webgui.server.authentication-mode property in the <pi_install_dir>/pingidentity/webgui/config/ file. The default authentication method is native.


SSO authentication should be used only for production deployments. Use native authentication for PoC deployments.

SSO configuration for PingIntelligence for APIs Dashboard

SSO configuration for PingIntelligence Dashboard involves configuring both Dashboard and PingFederate. The following is a summary of configuration steps:

  1. Verify the prerequisites.
  2. Configure an OAuth client in PingFederate.
  3. Configure the file.
  4. Configure the file in Dashboard.
  5. Import the PingFederate SSL server certificate.
  6. Obfuscate
  7. Start Dashboard.

Verify the prerequisites

Ensure the following prerequisites are complete before SSO configuration:

  • PingFederate is installed and configured to support OIDC SSO for any client. The current supported PingFederate versions are 9.3 or 10.1.
  • PingIntelligence for APIs Dashboard is installed.

Configure OAuth client in PingFederate

Creating and configuring an OAuth client in PingFederate is an essential step for PingIntelligence Dashboard's SSO authentication. If the OAuth client is not correctly configured in PingFederate, it results in authentication failure. To configure an OAuth client, complete the steps in Configuring an OAuth client in PingFederate for PingIntelligence Dashboard SSO .

Configure file

Edit the <pi_install_dir>/pingidentity/webgui/config/ to set the value of pi.webgui.server.authentication-mode to sso to configure authentication using SSO.

### Authentication mode
# valid values: native, sso

Configure SSO properties file in Dashboard

Configure the <pi_install_dir>/pingidentity/webgui/ file to complete the PingIntelligence Dashboard's SSO authentication. For more information, see Configuring Dashboard for PingFederate.

Import the PingFederate SSL server certificate

After the PingIntelligence Dashboard configuration for SSO is complete, import the PingFederate’s SSL server certificate to the PingIntelligence Dashboard’s truststore <pi_install_dir>/pingidentity/webgui/config/webgui.jks.

Complete the following steps to import SSL certificate:

  1. Copy Pingfederate’s SSL server certificate to <pi_install_dir>/pingidentity/webgui/config/ directory
  2. Execute the following command.
    # cd <pi_install_dir>/pingidentity/webgui/config/
    keytool -import -trustcacerts -file <pf_certificate.crt> -alias pi-sso -keystore webgui.jks

The default password to import pf_certificate.crt to webgui.jks is changeme.


You can obfuscate keys added in SSO properties using the following commands.

# cd <pi_install_dir>/pingidentity/webgui
# ./bin/ obfuscate_keys

Start PingIntelligence for APIs Dashboard

Start the PingIntelligence for APIs Dashboard. For more information, see Start and stop Dashboard.

When the PingIntelligence Dashboard is started successfully, access it using https://<pi_install_host>:8030. The Dashboard will start SSO Authentication, and a new session will get created for the logged-in users.


Every PingIntelligence Dashboard SSO authentication event is attached with a unique ID, which is logged in <pi_install_dir>/pingidentity/webgui/logs/admin/sso.log .

If SSO authentication fails for any reason, PingIntelligence Dashboard shows the following error message.

Screen capture of the PingIntelligence Dashboard error message for SSO failure.

You can filter sso-event-ref = <unique ID> in the <pi_install_dir>/pingidentity/webgui/logs/admin/sso.log file to find the reason for SSO failure.